Your SlideShare is downloading. ×
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Social Networking Information Security
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Social Networking Information Security

2,472

Published on

Need for a specific Information Security Policy for the use of Social Networking

Need for a specific Information Security Policy for the use of Social Networking

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,472
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
88
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Social Networking Need for an Information Security Policy Bernardo Ramos 08/02/2010 February 8th 2010
  • 2. Index ● Social Networking: A new standard for interpersonal communication: ● Personal ● Professional ● It is here to stay ● Social Networking and Security ● Old threats on a new support ● New specific threats February 8th 2010 Social Networks - Information Security 2
  • 3. Social Networking: A new standard for interpersonal communication ● Social Networking is not just Facebook and Twitter: It is a composite set of: – Blogging (Wordpress / Blogger) – Microblogging (Twitter) – Tumble-logging, Link-logging (http://fr.wikipedia.org/wiki/Tumblelog) (Tumblr, Delicious) – Open Social Networks (Facebook, Myspace, Tuenty, Renren) – Professional Social Networks (LinkedIn, Viadeo) – Private/dedicated Social Networks (Ning) – Photo and Video sharing (Flickr, Youtube) – Slide Sharing (Slideshare) – Document Sharing (Google docs) – Music lists sharing (Spotify, Blip.fm) Complemented and integrated with – E-mail – Chat February 8th 2010 Social Networks - Information Security 3
  • 4. Social Networking: A new standard for interpersonal communication Personal use Professional use Very linked to mobile communication February 8th 2010 Social Networks - Information Security 4
  • 5. Social Networking is here to stay Think of many other previous innovations: 1960 ● Telephone 1970 ● Computer Terminal 1980 ● Personal Computer ● Mail 1990 ● Forums and Groupwares ● Internet 2000 ● Collaborative web and IM ● Social Networking 2010 February 8th 2010 Social Networks - Information Security 5
  • 6. Social Networking and Security ● Social Networking provides support for already existing threats: ● Phishing ● Social Engineering ● Spam ● Data Leakage ● Malware infections February 8th 2010 Social Networks - Information Security 6
  • 7. Social Networking and Security ● Social Network present new threats or extended support for existing ones (Data loss, Identity theft, Password theft, etc.): ● Shortened URL (Twitter) ● Complementary Applications (Facebook) ● Unawareness of who is reading you, + sharing a lot of personal information: – Travelling details – What you are working on – Identity information – Etc. February 8th 2010 Social Networks - Information Security 7
  • 8. Social Networking and Security ● Beside the associated Information Security threats, Social Networking represents a risk since its intensive use could: ● Overwhelm telecommunications resources ● Reduce employee productivity February 8th 2010 Social Networks - Information Security 8
  • 9. Security Policy for Social Networking ● The social networking boom shows no sign of stopping. ● For young arriving employees it makes part of their everyday-life ● Social networking sites are now a vital part of many marketing and sales strategies. ● Many companies are planning the use of social networking for internal use Therefore: ● they cannot be blocked ● but they cannot be allowed to ● drain company resources or ● be used as vectors for data loss or malware penetration February 8th 2010 Social Networks - Information Security 9
  • 10. Security Policy for Social Networking A specific Social Networking Security Policy is needed to provide:  granular access control,  secure encryption  data monitoring  comprehensive malware protection And the most important  User Awareness February 8th 2010 Social Networks - Information Security 10
  • 11. Security Policy for Social Networking ● Starting from existing policies: ● User charter for the use of Information and Telecommunication resources ● Basic Security recommendations ● Internet Access best practices ● Etc. ● Additional awareness communication specific to Social Networking: ● How to adjust your settings to protect your identity ● Use of additional applications integrated in Social Networks ● Share only what really belongs to you ● Use chat only with verified known people ● Do not run for the biggest number of connections ● Do not mix personal and professional ● Be very restrictive and careful when sharing your company activities ● Do not use the same password everywhere (good password tips) ● Do not click quickly neither everywhere ● Think you can endanger the others February 8th 2010 Social Networks - Information Security 11
  • 12. Security Policy for Social Networking ● New restrictions and controls specific for Social Networking: ● ¿Accessing hours restrictions? (Difficult and only for productivity reasons) ● Individual high volume traffic alert ● Classification of Sensitive Information ● Encryption of High sensitive data ● Granular monitoring of Internet traffic ● Identification of specific dangerous sites or tools and restrict its use ● Regulation of the use of the company name and information ● Specific restrictions depending on each Social Media and tool (per user, per hours, etc.) Using last generation Firewalls ● Etc. February 8th 2010 Social Networks - Information Security 12
  • 13. Security Policy for Social Networking ● Can we forbid Social Networking? Should we do that? It is not a good idea because most of risks will still be there since: ● People will anyway use it at work with their personal mobile devices ● People will still use it at home February 8th 2010 Social Networks - Information Security 13

×